Change: helm: rename server-private-key to ingress-certificate

To be more inline with internal naming-schemes server-private-key is
renamed to ingress-certificate.

.github/workflows/helm-build-chart.yml

@@ -19,16 +19,7 @@ jobs:
       - name: deploy openvasd
         run: |
           cd rust/examples/tls/Self-Signed\ mTLS\ Method
-          sh server_certificates.sh
-          sh client_certificates.sh
-          kubectl create namespace openvasd || true
-          kubectl create secret generic server-private-key \
-                --from-file=key.pem=./server.rsa \
-                --from-file=certs.pem=./server.pem \
-                --namespace openvasd
-          kubectl create secret generic client-certs \
-                --from-file=client1.pem=./client.pem \
-                --namespace openvasd
+          make delete deploy
           cd -
           helm uninstall openvasd --namespace openvasd|| true
           helm install --namespace openvasd --create-namespace openvasd charts/openvasd/ --values charts/openvasd/values.yaml --values charts/openvasd/mtls-wo-ingress.yaml

charts/openvasd/README.md

@@ -6,12 +6,12 @@ This Helm chart is tested with k3s and Traefik. Note that other options may requ
 
 ## mTLS (Enabled by Default)
 
-To use mTLS, store the server certificate and key as a secret named 'server-private-key', containing key.pem and certs.pem. For example, deploying `openvasd` into the 'openvasd' namespace with a generated certificate:
+To use mTLS, store the server certificate and key as a secret named 'ingress-certificate', containing key.pem and certs.pem. For example, deploying `openvasd` into the 'openvasd' namespace with a generated certificate:
 
 ```bash
 cd ../../rust/examples/tls/Self-Signed\ mTLS\ Method
 sh server_certificates.sh
-kubectl create secret generic server-private-key \
+kubectl create secret generic ingress-certificate \
       --from-file=key.pem=./server.rsa \
       --from-file=certs.pem=./server.pem \
       --namespace openvasd

charts/openvasd/templates/deployment.yaml

@@ -43,9 +43,9 @@ spec:
       - name: ospd-logs
         emptyDir: {}
       {{- if eq .Values.openvasd.tls.certificates.deploy_server true }}
-      - name: server-private-key
+      - name: ingress-certificate
         secret:
-          secretName: server-private-key
+          secretName: ingress-certificate
       {{ end }}
       {{- if eq .Values.openvasd.tls.certificates.deploy_client true }}
       - name: client-certs
@@ -160,7 +160,7 @@ spec:
           mountPath: /run/ospd/
         {{- if eq .Values.openvasd.tls.certificates.deploy_server true }}
         - mountPath: "/etc/openvasd/tls/"
-          name: server-private-key
+          name: ingress-certificate
           readOnly: true
         {{ end }}
         {{- if eq .Values.openvasd.tls.certificates.deploy_client true }}

rust/examples/tls/Self-Signed mTLS Method/Makefile

@@ -1,17 +1,23 @@
-all: server client
+.PHONY: client server namespace delete deploy
 
-.PHONY: namespace deploy
-
-server: server.pem server.rsa
-	sh server_certificates.sh
-client: client.pem client.rsa
-	sh client_certificates.sh
+server:
+	# only when server.rsa is not available
+	[ ! -f server.rsa ] && sh server_certificates.sh || true
+client:
+	# only when client.rsa is not available
+	[ ! -f client.rsa ] && sh client_certificates.sh || true
 
 namespace:
-	kubectl create namespace openvasd | true
+	kubectl create namespace openvasd || true
+
+delete: 
+	kubectl delete secret ingress-certificate --namespace openvasd || true
+	kubectl delete secret client-certs --namespace openvasd || true
+
+
 
 deploy: namespace server client
-	kubectl create secret generic server-private-key \
+	kubectl create secret generic ingress-certificate \
 		--from-file=key.pem=./server.rsa \
 		--from-file=certs.pem=./server.pem \
 		--namespace openvasd